CVE-2026-7787
Received Received - Intake
Authentication Bypass in IBM Langflow OSS

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: IBM Corporation

Description
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-11
Last Modified
2026-06-11
Generated
2026-06-11
AI Q&A
2026-06-11
EPSS Evaluated
N/A
NVD
CVE-2026-7787
EUVD
EUVD-2026-36251
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ibm langflow_oss From 1.0.0 (inc) to 1.9.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows unauthenticated attackers to access other users' chat history, which constitutes unauthorized access to sensitive information.

Such unauthorized access to sensitive data can lead to non-compliance with common data protection standards and regulations like GDPR and HIPAA, which require strict controls to protect personal and sensitive information from unauthorized disclosure.

Therefore, if exploited, this vulnerability could result in violations of these regulations due to the exposure of sensitive user data.

Executive Summary

CVE-2026-7787 is a vulnerability in IBM Langflow OSS versions 1.0.0 through 1.9.1 that allows unauthenticated attackers to access or modify sensitive information by bypassing authentication.

The issue arises from a session ID namespace bypass in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint. Specifically, the inputs.session parameter can override the session ID used during flow execution.

When a public flow contains a Memory (Message History) component with an empty session_id field, it uses the caller-supplied session ID without proper isolation. Because the public build_public_tmp path does not enforce session namespacing, unauthenticated users can provide arbitrary session IDs and retrieve stored chat history.

This vulnerability is exploitable against sessions created through the authenticated POST /api/v1/run/{flow_id} path, where the default session_id matches the flow UUID, making target sessions predictable.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive information, such as other users' chat history stored in Langflow OSS.

Because attackers can bypass authentication and retrieve or modify sensitive data, this poses a significant security risk.

The CVSS base score of 7.5 indicates a high severity impact, emphasizing the potential damage from unauthorized data exposure.

There are no available workarounds, so affected users must upgrade to Langflow OSS version 1.9.2 or later to mitigate this risk.

Detection Guidance

This vulnerability involves an insecure direct object reference in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint, where the inputs.session parameter can override the session ID, allowing unauthorized access to chat history.

Detection would involve monitoring or testing this specific API endpoint for unauthorized access attempts by sending crafted POST requests with arbitrary session IDs to see if chat histories can be retrieved without proper authentication.

No specific detection commands or tools are provided in the available resources.

Mitigation Strategies

IBM strongly recommends upgrading Langflow OSS to version 1.9.2 or later to remediate this issue.

No workarounds are available, so applying the fix promptly is the primary mitigation step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7787. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart